WordPress · Stop Spammers Security · CVE-2022-4120
**Name of the Vulnerable Software and Affected Versions**
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin versions prior to 2022.6
**Description**
The plugin passes base64-encoded user input to the PHP `unserialize()` function when CAPTCHA is used as a second challenge. This could lead to PHP object injection if another plugin installed on the blog provides a suitable gadget chain.
**Recommendations**
For versions prior to 2022.6, update to version 2022.6 or later to resolve the issue.
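The pattern named in the Description, shown beside a hardened way to round-trip challenge state through the client. This is an added example, not the plugin's code or its actual fix; the function names, the MAC-plus-JSON field layout and the key handling are assumptions made for illustration.

```php
<?php
// Added example; all names are hypothetical and this is not the plugin's code.

// Pattern from the advisory: object instantiation is driven by request data,
// so any class loaded by another plugin becomes reachable.
function decode_challenge_unsafe(string $field) {
    return unserialize(base64_decode($field));
}

// Hardened encode: JSON carries data only, and an HMAC binds it to the server.
function encode_challenge(array $state, string $key): string {
    $json = json_encode($state, JSON_THROW_ON_ERROR);
    return base64_encode(hash_hmac('sha256', $json, $key, true) . $json);
}

// Hardened decode: strict base64, constant-time MAC check, then JSON.
function decode_challenge(string $field, string $key): ?array {
    $raw = base64_decode($field, true);
    if ($raw === false || strlen($raw) <= 32) {
        return null;
    }
    $mac  = substr($raw, 0, 32);
    $json = substr($raw, 32);
    if (!hash_equals(hash_hmac('sha256', $json, $key, true), $mac)) {
        return null; // forged or modified by the client
    }
    $state = json_decode($json, true);
    return is_array($state) ? $state : null;
}

// Constructed sample values.
$key    = random_bytes(32); // assumption: a real plugin would use a stored secret
$good   = encode_challenge(['ip' => '203.0.113.7', 'step' => 'captcha'], $key);
$forged = base64_encode(serialize([new stdClass(), str_repeat('A', 40)]));

var_dump(decode_challenge($good, $key));   // round-trips the array
var_dump(decode_challenge($forged, $key)); // client-built blob has no valid MAC

// If a legacy serialized value must still be read, forbid object creation:
// objects then arrive as inert __PHP_Incomplete_Class placeholders.
$legacy = unserialize(base64_decode($forged), ['allowed_classes' => false]);
var_dump($legacy[0] instanceof __PHP_Incomplete_Class);
```

The `allowed_classes` option requires PHP 7.0 or later; on a site that cannot be updated immediately, request logs can be searched for form fields whose base64-decoded value begins with a serialized-object marker such as `O:`.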